Back to Home

PRIVACY POLICY

Last Updated: January 24, 2026

This Privacy Policy explains how Pearl Tech Inc., a Delaware corporation ("Company," "we," "us," or "our"), collects, uses, discloses, and safeguards personal information in connection with our mobile applications for iOS and Android, our website https://joinpearlai.com (the "Site"), our waitlist experience, and related services (collectively, the "Services"). By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

Contact: Contact: [email protected] | 701 Brazos St, Austin, Texas USA

Financial Privacy (GLBA/Reg P). Financial Privacy (GLBA/Reg P). To the extent we provide financial products or services for personal, family, or household purposes, certain information we handle may be nonpublic personal information (NPI) governed by the Gramm-Leach-Bliley Act and Regulation P. Where GLBA applies, state consumer privacy laws (e.g., CCPA/CPRA) typically do not apply to that NPI. This Policy covers both GLBA-covered and non-GLBA data and explains the difference.

TABLE OF CONTENTS

1. SCOPE; AVAILABILITY; ROLES2. CATEGORIES OF INFORMATION WE COLLECT3. SOURCES4. HOW WE USE INFORMATION (PURPOSES)5. GLBA vs. STATE PRIVACY LAWS6. WE DO NOT SELL OR SHARE YOUR FINANCIAL DATA7. LIMITED DISCLOSURES (ONLY TO OPERATE SERVICES)8. FINANCIAL DATA CONNECTIVITY9. AI/ML: INFERENCE, TRAINING & FINE-TUNING10. COOKIES, SDKs, AND ONLINE TRACKING11. SECURITY12. YOUR PRIVACY RIGHTS13. DATA RETENTION14. FUTURE MONEY MOVEMENT & ADVISORY15. DISCLOSURE MAP (GLBA vs. State Law)16. CHILDREN'S PRIVACY17. U.S. STATE DISCLOSURES (CA, CO, CT, DE, FL, IN, IA, KY, MN, MT, NE, NH, NJ, OR, TN, TX, UT, VA)18. DATA PROCESSING LOCATIONS & INTERNATIONAL TRANSFERS19. THIRD-PARTY SERVICES & LINKS20. DE-IDENTIFICATION & AGGREGATION COMMITMENT21. CHANGES22. CONTACT

1. SCOPE; AVAILABILITY; ROLES

  • Territory. The Services are available to individuals in the United States. We may expand to Canada and Europe (EEA/UK/CH) later; if so, we will publish required jurisdiction-specific notices and transfer mechanisms.
  • Adults. The Services are intended for adults. App Store and Google Play age gates apply (see §16).
  • Role. We act as a business/controller for our processing and, in limited cases, a service provider/processor to financial institutions or partners.

2. CATEGORIES OF INFORMATION WE COLLECT

The information we collect depends on how you use the Services and your settings.

A. You Provide to Us

  • Account & Profile. Name, email, (optional) phone, hashed password, state/country, time zone, preferences, communication settings.
  • Financial Inputs. Goals, categories, risk tolerance, investment preferences, notes, manual entries, user tags.
  • Waitlist & Marketing. Email and/or phone/SMS consent; referral code/source if applicable.
  • Support & Feedback. In-app messages, email support, attachments you send, troubleshooting data you choose to share.
  • Consents/Preferences. Records of cookie choices, ad opt-outs, privacy settings.

B. Financial Account Information (Optional; Read-Only Today)

If you link accounts via direct/open-bank APIs or a bank partner (when available), we receive, as permitted by you and your bank(s):

  • Account Metadata & Balances. Institution, type, masked identifiers, current/available balances, currency.
  • Transactions. Merchant/payee, amount, date/time, category, memo/description, and standardized enrichment fields.
  • Investments/Holdings (if applicable). Security identifiers (e.g., ticker/CUSIP), quantities, valuations; limited cost basis if provided.
  • Debt/Credit. APR, minimums, due dates, payment history fields provided through the API.

C. Automatically Collected

  • Device & Log. IP address, coarse location (IP-derived), device/OS type and version, app version/build, language, time zone, performance metrics, crash/error logs, diagnostic telemetry.
  • Usage Analytics. Screens viewed, taps/clicks, navigation and search, feature flags, referral/UTM parameters.
  • Cookies/Local Storage/Mobile SDKs. Authentication, preferences, analytics; if enabled, marketing/retargeting (see §10).

D. Sensitive Personal Information

We do not require SSN, driver's license, precise geolocation, or biometrics for the waitlist or basic services. If future features (e.g., transfers, advisory) require limited sensitive data, we will provide just-in-time notice, obtain consent where required, and restrict use to that purpose (§14).

3. SOURCES

We do not purchase data from data brokers.

  • You and your devices (use, settings, communications).
  • Financial institutions you connect via direct/open-bank APIs or bank partners.
  • Vendors providing hosting, storage, analytics, error monitoring, communications, and AI functionality.

4. HOW WE USE INFORMATION (PURPOSES)

We process information to:

  • Provide & Operate the Services: account creation/login, secure sessions, syncing, categorization/enrichment, wealth analysis, insights, notifications.
  • AI Financial Assistant features: summarization, anomaly detection, forecasts, automated recommendations, educational explanations.
  • Personalization: non-sensitive tailoring of content and tips; saved preferences.
  • Security & Integrity: fraud/abuse detection, account protection, rate limiting, audit logging, incident response.
  • Analytics & Improvement: usage trends, performance, crash diagnosis, A/B testing, quality/reliability.
  • Marketing & Waitlist: product updates and promotions where permitted; opt-out any time.
  • Compliance & Legal: GLBA/Reg P, consumer protection, tax/audit, responding to lawful requests.
  • Research & Statistics: using de-identified/aggregated data for product development, benchmarking, and reporting.

5. GLBA vs. STATE PRIVACY LAWS

  • GLBA-covered (NPI). Personal financial information we collect and use to provide your financial service (e.g., linked-account balances, transactions, holdings, financial insights derived from your data).
  • Not GLBA-covered. Website/app analytics, cookies/SDK identifiers, marketing contact info, ad/retargeting data, and aggregated/de-identified reports—these may be subject to state privacy laws (see §17). We apply appropriate rights/opt-outs where required.

6. WE DO NOT SELL OR SHARE YOUR FINANCIAL DATA

  • No sale of financial data. We do NOT sell your financial information to anyone, ever. Your account balances, transactions, and financial details are never sold to third parties.
  • No sharing for marketing. We do NOT share your financial data with third parties for their marketing or advertising purposes.
  • No data brokers. We do NOT provide your financial information to data brokers or aggregators.
  • Service providers only. We only share data with service providers who help us operate our Services (e.g., cloud hosting, security), and they are contractually prohibited from using your data for any other purpose.
  • Your data stays private. Your financial information is used solely to provide you with Pearl's wealth management services.

7. LIMITED DISCLOSURES (ONLY TO OPERATE SERVICES)

We only disclose information to parties necessary to operate our Services, never for marketing or advertising:

  • Service Providers/Processors. Only for operating our platform: hosting/cloud, storage/backup, security (CDN/WAF/DDoS), crash/error monitoring, and communications. These providers cannot use your data for any other purpose.
  • Financial Connectivity. Direct/open-bank APIs and bank partners for read-only access you authorize—solely to display your accounts in Pearl.
  • AI Providers. Only to deliver AI features to you. AI providers cannot use your identifiable data to train their models.
  • Legal/Regulatory. Only as required by law or to protect rights, safety, users, or the integrity of the Services.
  • We do NOT disclose your financial data to advertisers, marketers, data brokers, or any third parties for commercial purposes.

8. FINANCIAL DATA CONNECTIVITY

When you link an account: You authorize Pearl Tech Inc. and our direct/open-bank connectivity (or bank partners) to obtain read-only financial information from your bank(s) and share it with us solely to deliver the Services you request. Your credentials go directly to your bank or a bank-approved interface; we do not receive or store them. You may disconnect accounts at any time in Settings. We will stop new retrievals and handle existing data per Retention (§13).

9. AI/ML: INFERENCE, TRAINING & FINE-TUNING

  • Minimization & De-ID. We design prompts/pipelines to exclude personal identifiers; we rely on de-identified or aggregated financial data wherever feasible.
  • Model Providers. We use pre-built models and may fine-tune models. Unless we clearly state otherwise or obtain your explicit consent, we do not allow AI vendors to use your identifiable data to train their general models.
  • Training/Evaluation. We train and evaluate our AI features on de-identified/aggregated financial data to improve accuracy and safety.
  • No solely automated legal/similar effects. AI outputs are assistive; we do not make decisions with legal or similarly significant effects solely by automated means.

10. COOKIES, SDKs, AND ONLINE TRACKING

You can manage preferences in-app (and via Cookie Preferences when the web app launches) and via your browser/OS.

  • Necessary. Auth, session continuity, load balancing, WAF/DDoS.
  • Functional. Preferences, theming, localization.
  • Analytics. Product usage, funnels/cohorts, performance, crashes.
  • Advertising (if enabled). Interest-based ads/retargeting with opt-outs (§6).
  • DNT/GPC. Browser DNT lacks a standard; we do not respond to DNT. We honor GPC where required.

11. SECURITY

We maintain administrative, technical, and physical safeguards aligned with industry and regulatory expectations, including:

  • Encryption in transit (TLS) and at rest using AWS Key Management Service (KMS) with envelope encryption.
  • Hardened cloud infrastructure; segregation of environments; RBAC and least-privilege access; MFA for privileged accounts; periodic access reviews.
  • Secure SDLC; dependency and vulnerability management; penetration testing; audit logging and anomaly detection; incident response with post-mortems.

12. YOUR PRIVACY RIGHTS

Depending on your U.S. state of residence, you may have rights to access/know, correct, delete, port, opt out of "sale/share" and targeted advertising, limit certain uses of sensitive data (where applicable), and appeal a decision. We do not discriminate for exercising rights. Exercising rights: Use in-app privacy controls or email [email protected]. We verify requests using information we maintain and use verification data only for that purpose. Authorized agents may act where permitted.

13. DATA RETENTION

We retain personal information for as long as legally permitted and necessary to (i) provide and improve the Services, (ii) maintain security/integrity, (iii) meet legal, tax, accounting, and regulatory obligations, (iv) resolve disputes, and (v) enforce agreements.

Data TypeTypical Retention
Account & profileLife of account + up to 12 months
Linked-account data (read-only pulls)Life of account + up to 12 months (or longer if required/permitted)
Usage/telemetry & security logs12–18 months rolling
Crash/error logs90–180 days (longer for active incidents)
Marketing/consent records24 months or as required
Backups/snapshotsRolling 30–90 days (DR purposes)
Payment/tax records (if any)Per law (often 7 years in the U.S.)

14. FUTURE MONEY MOVEMENT & ADVISORY

  • Current state: Read-only connectivity and waitlist (no transfers or advisory services).
  • Future state: If we add transfers or SEC investment advisory features, we will provide just-in-time notices, obtain consents, implement KYC/AML and other controls as required, and update this Policy and our Terms accordingly.

15. DISCLOSURE MAP (GLBA vs. State Law)

  • GLBA/NPI (exempt from CCPA/CPRA): linked-account balances, transactions, holdings; financial insights derived from your data.
  • Non-GLBA (state laws apply): website/app analytics; cookies/SDK identifiers; marketing contact info; ad/retargeting data; aggregated/de-identified reports.
  • Profiling: We do not engage in solely automated decisions with legal/similar effects.
  • Sensitive data: Not required for waitlist/basic services; if later collected (e.g., identity verification), we'll provide just-in-time purpose limitation and lawful basis.

16. CHILDREN'S PRIVACY

The Services are intended for adults and are distributed via App Store and Google Play age settings. We do not knowingly collect personal information from children. If you believe a child provided personal information, contact [email protected] and we will promptly delete it.

17. U.S. STATE DISCLOSURES (CA, CO, CT, DE, FL, IN, IA, KY, MN, MT, NE, NH, NJ, OR, TN, TX, UT, VA)

  • We do NOT sell your personal information, including financial data.
  • We do NOT share your financial data with third parties for advertising or marketing purposes.
  • Your financial data is never provided to data brokers.
  • California "Shine the Light" requests: email [email protected] with subject "Shine the Light."
  • Appeal rights: if we decline a request, reply to our decision or email with "Appeal" in the subject; we'll respond within the time required by your state.

18. DATA PROCESSING LOCATIONS & INTERNATIONAL TRANSFERS

Primary Processing: We process data primarily in the United States through our service providers.

  • Supabase: Data centers in US-East, US-West, and other regions as configured by us.
  • AWS: US regions (primary), with encryption in transit and at rest via AWS KMS.
  • Cloudflare: Global edge network with data processing in US and international locations for performance optimization.
  • Google Cloud: US regions for cloud functions and related services.

19. THIRD-PARTY SERVICES & LINKS

The Services may include links to or integrations with third-party services that have their own privacy policies (e.g., bank APIs, analytics, email/SMS, in-app messaging, AI providers). Review their policies before enabling integrations or sharing information.

20. DE-IDENTIFICATION & AGGREGATION COMMITMENT

We may de-identify or aggregate information for analytics, product development, and commercial reporting. We maintain contractual, technical, and organizational measures designed to prevent re-identification and prohibit recipients from attempting it.

21. CHANGES

We may update this Policy. The "Last Updated" date shows the latest revision. For material changes, we will provide prominent notice (e.g., in-app, email). Please review updates carefully.

22. CONTACT

Pearl Tech Inc.

701 Brazos St, Austin, Texas USA

Email: [email protected]

Website: https://joinpearlai.com

GLBA MODEL PRIVACY NOTICE (SHORT FORM)

What does Pearl Tech Inc. do with your personal financial information?

WHY? We use your information solely to deliver wealth management insights you request, maintain and secure your account, comply with law, and improve our Services. We do NOT sell or share your financial data with third parties for their marketing purposes.

HOW? We share only as required by law or with service providers who help us operate our Services (hosting, security). We do NOT sell, share, or disclose your financial data to third parties for advertising, marketing, or any commercial purpose. Your financial information stays private.

TO LIMIT SHARING: Use in-app privacy settings or email [email protected].

QUESTIONS? [email protected]